Decentralized exchange Bunni hit by $2.3m smart contract exploit

The post Decentralized exchange Bunni hit by $2.3m smart contract exploit appeared on BitcoinEthereumNews.com.

A flaw in Bunni’s smart contracts let an attacker steal around $2.3 million in stablecoins, forcing the decentralized exchange to halt all activity while it investigates the breach.

Summary

Bunni DEX was exploited for about $2.3 million in stablecoins after an attacker manipulated its custom Liquidity Distribution Function.

The stolen funds were consolidated into a single Ethereum wallet holding $1.33 million in USDC and $1.04 million in USDT.

The incident follows a wave of August exploits that caused $163 million in losses, bringing 2025’s total losses above $3.1 billion.

The decentralized exchange Bunni suffered a security breach on Tuesday, September 2, 2025. The exchange announced the exploit via an X post, adding that it had halted all smart contract functions across every network to prevent further damage.

“The Bunni app has been affected by a security exploit. As a precaution, we have paused all smart contract functions on all networks. Our team is actively investigating and will provide updates soon.”

Blockchain security firm BlockSec was one of the first to flag the suspicious activity, noting that an attacker was exploiting a flaw in Bunni’s contracts to drain funds.

ALERT! Our system detected a suspicious transaction targeting @bunni_xyz’s contract on #Ethereum, and the loss is ~$2.3M. Please take actions ASAP. — BlockSec Phalcon (@Phalcon_xyz) September 2, 2025

The attacker executed a series of carefully sized trades designed to exploit Bunni’s Liquidity Distribution Function (LDF), a custom mechanism that replaces Uniswap’s default logic, aiming to spread liquidity more evenly across different price ranges and allow for more complex trading strategies. Each of these trades skewed the pool’s rebalance logic, allowing the attacker to pull out more tokens than were actually available.

Repeating this cycle multiple times, the attacker drained the vaults until they reached approximately $2.3 million in stablecoins. On-chain data shows the…

Sep 3, 2025 - 02:02
